Channels

Services

Mono developers close security hole

A flaw in the web server components of the free Mono .NET clone potentially allows ASP.NET applications to supply source code or other files from the web server's application directory. Mono 2.8.2 fixes this as yet unexplained bug. Affected components on the project's vulnerability list include the XSP web server and the mod_mono Apache module. Both of these execute ASP.NET code.

Another security patch fixes a flaw that allows Silverlight applications to execute arbitrary code when running in a security manager. Versions 2 and 3 (beta) of the Moonlight Silverlight implementation are affected.

Further information about the update can be found in the release notes. Mono 2.8.2 is available for Linux, Windows, Mac OS X and other operating systems from the project's download page.